Documentation

Current developers

Mailing lists

Related projects

Support

The development and maintenance of the Swift system has
been supported by NSF grants 0430161 and 0627649, and
by TRUST (supported
by NSF, AFOSR, and industrial partners).

Swift: making web applicationssecure by construction

Swift is a new, principled approach to building web applications
that are secure by construction.
Web applications are hard to build because code and data need to be
partitioned to make them responsive. They are also hard to build because
code and data need to be partitioned for security.
Currently there are no good methods for
deciding when it is secure to move code and data to the client side.

Because of the connection (and tension) between the problems of security and
interactive performance, Swift addresses both at once, automatically
partitioning application code while providing assurance that the
resulting placement is secure and efficient.

In the Swift approach, application code is written
in the Jif language, a Java-based language that includes information
security policies. The source code
is automatically partitioned into JavaScript code running in the
browser, and Java code running on the server.
For interactive performance,
code and data are placed on the client side where possible.
Security-critical code is placed
on the server and user interface code is placed on the client. Code
placement is constrained by high-level, declarative information flow
policies that strongly enforce the confidentiality and integrity of
server-side information. The Swift compiler may also choose to replicate
code and data across the client and server, with benefits for both
security and performance.